What Were the Twitter Files? – The Nation
What exactly were the Twitter Files about? By now, it's settled into a near-consensus everywhere but on the right that the disclosures were of little consequence. This view only hardened after MSNBC anchor Mehdi Hasan challenged Matt Taibbi, the journalist most associated with the so-called Files, on several major reporting errors two weeks ago.
Taibbi had mixed up the timeline of the creation of the Election Integrity Partnership (EIP), the public-private project set up to monitor social media misinformation during the election, and had vastly overstated the number of tweets it had flagged for removal, from 2,890 tweets to 22 million, Taibbi's "most consequential claim," according to one commentator.
Most seriously, Hasan showed that in charging that the EIP was partnered with state entities, Taibbi had erroneously identified the Center for Internet Security (CIS), a private nonprofit, as the CISA, the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency. Adding an "A" to the end of "CIS" allowed Taibbi to make what Hasan called the "false claim" that the EIP was partnered with the government.
As the MSNBC chyron asked whether there was "proof of [a] censorship regime," viewers were clearly left to think there wasn't. Since then, Hasan has said that Taibbi's false identification of the CISA was "key to his thesis." In a widely circulated post, Techdirt charged that it had been "a key linchpin" in the argument that the government was sending tweets for Twitter to remove, concluding that "there remains no there there." Various pundits have since repeated these points, charging that "the entire scary censorship narrative has fallen apart."
For many, this was a gratifying end to the saga: A media figure that many viewed as having gone over to the Dark Side of the conservative culture wars was taken down on live television. But reducing the matter to an episode of media comeuppance does a profound public disservice when, despite Taibbi's errors, the convergence of social media censorship and the national security establishment is both very real and deeply worrying.
And Taibbi's critics' overstatements are themselves deeply misleading. Take the issue of the CIS and the CISA. While Taibbi mixed up the two in his tweet, the fact that the CISA works with the EIP isn't remotely a "false claim": The EIP itself openly says its partnership with CISA began under the Trump administration.
Meanwhile, though the CIS certainly isn't a government entity, it's also received a little under $250 million of US government funding since 2008, the vast majority of it from the DHS. By the CIS's own admission, both its divisions on election security and broader cybersecurity, which work together, are funded by grants from the very same CISA in question. It openly calls its cybersecurity division "a government entity" and boasts members from all 50 states, 49 state capitals, as well as hundreds of local governments, tribal governments, and U.S. territories. The CIS's president and CEO is a former US Air Force and Department of Energy official who sat on the Cyber Security Commission under Barack Obama, while its other executives and board members hail from government entities like the National Security Agency (NSA), the Pentagon, and of course, the DHS. It even has a handy infographic showing the close relationship between it and the CISA.
There's no question that the CIS is a private nonprofit. But it's one so intertwined with the DHS, and so deeply connected to the similarly named CISA, that the lines between private and government are awfully blurry.
But in many ways, the CIS/CISA issue is beside the point, because this was by no means the most important revelation regarding government involvement in tech censorship. The three letters conspicuously missing from criticisms of the Twitter files are F, B, and I, with the disclosures having laid bare the alarming extent of the role that the Federal Bureau of Investigation now plays in the company's content moderation policies.
Among the disclosures were the fact that the FBI was having monthly and even weekly meetings with Twitter executives to coordinate anti-misinformation efforts; that it was doing so in conjunction with entities like the DHS, the Department of Justice (DOJ), and the office of the Director of National Intelligence; that the Central Intelligence Agency and even, at one point, the NSA, were involved in such meetings; that in Twitter's interactions with the FBI, former Head of Trust and Safety Yoel Roth considered the Bureau a proxy for the entire intelligence community as a whole; and that the FBI and Twitter have become closely enmeshed, through the voluminous hiring of former Bureau personnel, offers of temporary security clearances and classified information sharing, and the creation of special portals for it and other government agencies to flag content.
What did they do with this influence? Among other things, the FBI and other government entities regularly sent over lists and Excel spreadsheets of hundreds of problematic accounts and tweets, a deluge of censorship requests that Twitter employees were overwhelmed by; repeatedly pressured Twitter to find evidence of large-scale foreign disinformation that the company officials said didn't exist; were involved in what one employee called a "sustained (if uncoordinated) effort by the I[ntelligence]C[ommunity] to push us to share more info & change our API policies," an effort that involved congressional staffers; and that US officials simultaneously had Twitter exempt from censorship their own propaganda accounts. While critics charge that there's no evidence of government censorship in the files, there are in fact numerous instances of employees acting on government requests, with Twitter's former public policy chief acknowledging that it "identifies misinformation via the FBI/DHS."
Twitter employees themselves didn't share the blasé attitude of critics of the reporting. They were perturbed that the FBI was "just doing keyword searches for [terms of service] violations" when it flagged accounts. Even the company's former deputy general counsel Jim Baker, himself a former FBI official, found it "odd that they are searching for violations of our policies." Roth was uncomfortable with the implications of "state-controlled media" the Bureau's increasingly aggressive demands brought up.
But you don't need Twitter bigwigs to explain why this is all troubling. Take the FBI, which just in recent years has turned its spying power on Black activists protesting police brutality in ways that the ACLU has said are built on anti-Black racial stereotypes, investigated and infiltrated the Standing Rock protest movement, and carried out a nationwide sweep of Muslim households on the eve of the 2016 election. There is alarming evidence of far-right sympathies within the Bureau and its collaboration with far-right extremists for the purpose of targeting anti-fascists. The FBI most recently made headlines for its role in the prosecution of Cop City protesters in Atlanta and its surveillance of connected activist groups.
There's no shortage of scandals in the bloated DHS either, from its surveillance of journalists, activists, and anti-Trump protesters, to the overlap between it and the membership of the far-right Oath Keepers, to the tune of hundreds of its current and former employees. This is all against the backdrop of a wider policy strategy involving the DHS and the DOJ that views left-leaning activist movements like environmentalism, animal rights, and anti-capitalism as potential domestic terrorism.
This bias is evident in the Twitter files. The FBI flagged tweets supporting the George Floyd protests as potentially driven by foreign-controlled bots. It likewise incorrectly flagged leftist Catalonian accounts as being of Russian origin, while Taibbi reported that a list of hundreds of supposedly Iranian government-linked accounts included a former newspaper reporter and the left-wing outlet Truthout. Intelligence reports flagged thousands of accounts propagating "anti-Bolsonaro/pro-Lula hashtags," referring to the far-right former president of Brazil and his leftist challenger, respectively.
That Twitter often resisted the FBI isn't especially encouraging either, since even it admitted it was fighting a losing battle. Commenting on Twitter's resistance to one particular censorship request, one employee wrote that "our window on that is closing," given that "government partners are becoming more aggressive." When another employee found no links to Russia on a set of flagged accounts, they offered to try to "find a stronger connection" anyway.
Hasan played down these concerns by pointing out that Twitter officially acted on 40 percent of government requests, instead of 100 percent of them. This will be cold comfort to the many left-leaning users who have been on the other side of these requests. That includes the hundreds of Palestinian activists, journalists, and other users who have complained for years about being censored for alleged terms of service and other violations on the platform, which has become integral to Palestinian organizing. An internal report last year from Facebook, another platform that partners with the FBI to fight misinformation, determined that its policies had an "adverse human rights impact" on Palestinians' democratic rights partly through greater over-enforcement against Arabic posts.
Little thought is being given to how such a censorship regime could be misused in the future. Indeed, national security agencies don't tend to give up power and shrink but to accumulate it and grow. And the Twitter Files show ample evidence of the government already pushing for exactly that.
Since taking over Twitter, Musk has slashed the platform's content moderation team, claiming that the "censorship bureau" was let go. But there is little reason to sleep soundly. Musk, whose businesses are highly reliant on government contracts, particularly from the Pentagon, has stopped Twitter's practice of publishing regular transparency reports about government requests, raising the question of whether Musk has not so much ended the company's cooperation with the national security state as simply hidden it from public view. Musk's free speech crusade has not extended to restoring the account of the group responsible for the 2020 BlueLeaks disclosures about police misconduct, and he has willingly gone along with the Modi government's censorship demands against critics in India, in line with his highly questionable definition of free speech as merely meaning censorship in accordance with whatever the law demands. Musk's words of assurance aren't credible either: in the same BBC interview in which he claimed to be resisting government censorship, he labeled as "total bullshit" the existence of a family emerald mine that he once openly boasted about.
But even if one holds the utmost faith in Musk's free speech commitments, the Tesla billionaire won't own Twitter forever. And the kind of government role in social media censorship laid bare in the Twitter files extends to a variety of other industry partners like Facebook, which has shown an equally alarming propensity for censoring content that deviates from official US policy.
Will progressives be comfortable when the speech that's targeted for censorship doesn't concern elections and vaccines but instead that which undermines the public's trust in the courts and the financial system, or provokes violence against key infrastructure, all of which the CISA has plans to target? And given the cyclical nature of politics, do they trust Donald Trump or whichever other Republican inevitably ends up in the White House someday to use these powers responsibly, let alone to share their views of what constitutes online misinformation? Progressives should remember that objections to War on Terror excesses were largely about how the sprawling, invasive national security state created after 9/11 could easily be hijacked by an unscrupulous, authoritarian leader, a prophecy we got some taste of in Trump's response to the protests of 2020.
Government control of what's said on social media and the rest of the Internet is a hallmark of authoritarian systems that exist in countries like Russia and China. There's good reason to worry that the enmeshment of social media platforms with the national security state outlined in the Twitter Files, if left unchecked, could lay the foundation for exactly that. Progressives will protest in outrage if and when this regime is weaponized by right-wing forces. But by then, it may prove too late.
National push to bolster security of key election technology – ABC News
ATLANTA -- An effort to create a national testing program for technology central to U.S. elections will be launched later this year, aiming to strengthen the security of equipment that has been targeted by foreign governments and provided fertile ground for conspiracy theories.
So far, states have been left on their own to evaluate the technology that provides the backbone of election operations: voter registration databases, websites used to report unofficial results on election night and electronic pollbooks, which are used instead of paper rolls to check in voters at polling places.
The nonprofit Center for Internet Security hopes to provide the nation's first uniform testing program for the technology, similar to one for voting machines. Its goal is to start the voluntary service in September as a way to help boost the security and reliability of the technology before the 2024 presidential election.
In 2020, 15 states, including Arizona, Florida and Nevada, did not require any type of electronic pollbook testing or certification, according to federal data.
"This is a critical need being filled at a critical time," said Chris Wlaschin, senior vice president for Election Systems & Software, a leading voting machine manufacturer that also produces electronic pollbooks. "I think as more election officials learn about it, the more they're going to ask for it."
The use of electronic pollbooks in particular has expanded rapidly in recent years. Nearly one-third of all voting jurisdictions in the U.S. used electronic pollbooks in 2020, compared with about 18% four years earlier, according to data collected by the federal Election Assistance Commission.
The systems bring unique security challenges. In many cases, they have internet connections or interact with systems that do. In counties with a vote center model, where registered voters can cast a ballot at any polling place, electronic pollbooks often communicate with each other and with the central voter registration system. That's one way to ensure people are not able to vote at multiple locations or vote in-person after returning a mail ballot.
How much of an effect the new testing program will have on the 2024 presidential election is yet to be determined. Much depends on how many technology providers sign up and how many state election offices will use it, but there appears to be wide interest.
"One of the major benefits of this program is that it will provide a consistent process for certification for all of the different states that adopt it," Jamie Remes with VR Systems, a provider of electronic pollbooks and election management systems, said during a recent event organized to discuss the testing program.
The South Carolina Election Commission, which has developed its own voter registration system, was among the offices participating in the center's testing pilot. Commission member Brian Leach said during the recent panel discussion that he saw one benefit of the program as helping increase "voter confidence in what we are doing."
Confidence in elections, particularly among Republicans, has decreased amid a sustained campaign by former President Donald Trump and his allies to discredit the results of the 2020 presidential election. There is no evidence of widespread fraud or manipulation of voting equipment in 2020, backed up by exhaustive reviews in states lost by Trump.
The center has not been immune to the assault on U.S. elections and has faced various claims related to its work. Online posts have sought to raise questions about its funding, purpose and the services it provides to state and local election offices.
The center receives a mix of federal and private money, and the pilot developed for its testing program got support from the Democracy Fund, which was started by eBay founder Pierre Omidyar, a donor to Democratic campaigns and liberal causes. The testing program itself is funded solely by the center and eventually is to be supported entirely with fees paid by technology providers, according to the center.
Meanwhile, the federal commission is pursuing its own testing program for electronic pollbooks. Earlier this year, agency officials said they are making progress with their pilot program but that it was unlikely standards could be in place before the 2024 election.
As the use of electronic systems has grown, they have proved an attractive target for those seeking to meddle in U.S. elections.
In 2016, Russian hackers scanned state voter registration systems looking for vulnerabilities and accessed the voter registration database in Illinois, although an investigation later determined no voter data was manipulated. In 2020, Iranian hackers obtained confidential voter data and used it to send misleading emails, seeking to spread misinformation and influence the election.
Experts say the systems could be prime targets again for those seeking to disrupt voting and sow doubts about the security of elections. Gaining access to a voter registration database, for example, could allow someone to delete voters from the rolls. When people show up to vote, they would be told they are not on the list and forced to cast a provisional ballot.
In Detroit last November, a few polling locations had brief delays checking in voters related to a data error that was quickly identified and resolved. Trump seized on the early reports, calling the situation in Detroit "REALLY BAD" in a social media post and urging people to "Protest, Protest, Protest!"
Those involved said the center's testing program already has had an effect in boosting confidence in the systems.
"It's not just about product testing," said Jared Dearing, the center's senior director of election security and the former director of the Kentucky Board of Elections. "It's increasing the security posture of the companies that are creating these products."
The K-12 Report: A Cybersecurity Assessment of the 2021-2022 … – tripwire.com
The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center).
Published to prepare K-12 leaders with the information to make informed decisions around cyber risk, the report provides a data-driven analysis of what went well, what could be better, and what exactly is threatening our K-12 schools.
The MS-ISAC is federally funded by CISA and a division of the CIS.
What security risks are K-12s concerned about?
When considering the security concerns facing K-12 school districts, respondents stated their top five as:
Compounding these vulnerabilities are the real-world risks that these schools face. As listed in the report, they are:
The problems facing K-12 schools are roughly the problems we see across the board, but in these "data-rich and resource-poor" environments, the sensitive, personal nature of what's at stake makes the situation all the more critical.
How prepared are schools to meet them?
This year, schools earned just over 50% in Average Cyber Maturity with a passing grade in Identity Management and the highest participation rate for K-12 school districts in the NCSR's 10-year history. Noting an overall 3% YoY increase in maturity scoring, schools are off to a good (albeit very gradual) start.
Let's review the high points. Schools performed well in:
Now, let's look for areas of opportunity. Referenced to a relevant NIST Cybersecurity Framework Category, these are the areas in which schools were generally performing poorly:
Just as eight out of ten schools were cyber insured, it's interesting (and perhaps logical) that in an area where trained cyber professionals are hard to come by and there has been no historical groundwork for cyber infrastructure, the areas in which schools are performing the best are the ones leveraging the skills they already have (teaching, communicating, policy adherence).
It's fair to say this is one piece of evidence that schools are doing the best and in some cases, all they can. While a lean towards these security soft skills leaves some obvious technical gaps, this bias could prove an unlikely advantage. As the Verizon 2022 Data Breach Investigations Report notes, 82% of breaches are the result of human error, and tightening up that margin through security awareness and governance could be a small way to shut a large door.
How can schools improve their security posture?
In addition to some focused efforts on remediating the above areas of opportunity, there are a few things K-12 schools can do across the board to get those security grades up. They were listed in the report as follows:
In its final pages, the report outlines a host of free cybersecurity resources available to schools and districts looking to improve their security posture. Admittedly, it's a new world for many of these organizations, and MS-ISAC, among others, is an organization committed to protecting what K-12 institutions have to offer.
The good news? This is just a pop quiz. If school administrators take the time to study, they can be ready for the real test. A test, hopefully, no school will have to face.
Editor's Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Global Cybersecurity Mesh Market Report 2023: Sector is Expected … – GlobeNewswire
Dublin, April 25, 2023 (GLOBE NEWSWIRE) -- The "Global Cybersecurity Mesh Market Size, Share & Industry Trends Analysis Report by Offering, Vertical, Deployment Mode, Enterprise Size, Regional Outlook and Forecast, 2022-2028" report has been added to ResearchAndMarkets.com's offering.
The Global Cybersecurity Mesh Market size is expected to reach $3.1 billion by 2028, rising at a market growth of 27.5% CAGR during the forecast period.
Key Market Players
Cybersecurity mesh is a distributed architectural approach for scalable, adaptable, and reliable cybersecurity control that entails IT security design and implementation. Instead of erecting a single barrier around all devices, cyber security mesh involves constructing tiny, separate perimeters around each device and access point.
It enables businesses to extend security wherever required. The cybersecurity mesh facilitates the implementation of a zero-trust architecture by safeguarding all accessible systems and data regardless of location.
Many companies invest in cybersecurity mesh to improve data security and prevent hackers from manipulating diverse network components. Cybersecurity mesh solutions are gaining acceptance, particularly because of enterprises' growing security concerns and heightened awareness of sophisticated cybersecurity. Rapid economic development, increasing acceptance of cloud-based services, expanding Internet of Things (IoT) deployment, and rising need for cyber-savvy boards are driving the market's growth.
Cybersecurity mesh architecture offers a flexible and scalable approach for increasing security controls even for widely separated assets.
Its versatility makes it perfect for more modular strategies and compatible with hybrid multi-cloud systems. Cybersecurity mesh allows a more composable, flexible, and robust security infrastructure. A cybersecurity mesh enables technologies to interoperate across many supported layers, such as centralized policy management, security intelligence, and identity fabric, instead of each security solution operating in isolation.
Market Growth Factors
Cyberspace expansion increases the demand for better security solutions
Cyberspace has changed during the past few decades. Historically, corporations concentrated on safeguarding the network's perimeter, ensuring that the network's inside remained a secure, trusted environment. The pandemic has dramatically boosted organizations' use of the internet. IT firms have complicated security requirements, rendering the current security architectural techniques outdated. This quickly evolving digital ecosystem needs an updated security strategy to minimize all security risks and operational burdens. The perimeter of the enterprise network has evolved. These factors are boosting market growth.
The increasing adoption of the multi-cloud based strategies
Enterprises aspire to develop a unified security posture across multi-cloud environments. Cybersecurity mesh architecture (CSMA) allows people and machines to connect securely from numerous locations across hybrid and multi-cloud environments, channels, and diverse application generations, safeguarding the enterprise's digital assets. Hence, as CSMA safeguards the multi-cloud environment, which is becoming essential due to multi-cloud's rising adoption, the growth of the cybersecurity mesh market is expected to propel.
Market Restraining Factor
Shortage of skilled workers to employ and use cybersecurity mesh solutions
Companies require competent cybersecurity workers today more than ever. Thus, many firms report that their board of directors advises raising headcount for IT and cybersecurity. After security administrators and architects, cloud security professionals and security operations analysts remain among the most sought-after positions in cybersecurity. Hence the shortage of skilled professionals, which is unable to meet the increasing demand for cybersecurity solutions, is expected to hinder the cybersecurity mesh market growth.
Scope of the Study
By Offering
By Vertical
By Deployment Mode
By Enterprise Size
For more information about this report visit https://www.researchandmarkets.com/r/vnh49s
About ResearchAndMarkets.com
ResearchAndMarkets.com is the world's leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.
How to reduce cyber attacks in the global supply chain – Raconteur
Last year, 39% of businesses in the UK discovered that they had been the target of cyber attacks.
Those findings, published by the National Cyber Security Centre (NCSC) in its 2022 Cyber Security Breaches Survey, highlight the ever-present, pervasive and persistent nature of cybercrime.
One attack stands out above all others. According to Brad Smith, vice-chairman and president of Microsoft, the attack on US management software company SolarWinds was "the largest and most sophisticated attack ever."
The 2020 breach was significant as it compromised SolarWinds' data plus the data of 30,000 of its clients. That meant an entire supply chain, which included the US military, the Pentagon, hundreds of leading finance companies and universities.
Professor Steve Schneider, the director of the Surrey Centre for Cyber Security, explains how the attack was carried out. "Instead of attacking a raft of major companies and institutions at the front end, the hackers infiltrated a SolarWinds network monitoring program. They then created an extremely sophisticated update, which contained malware. This enabled the hackers to access highly privileged and sensitive data plus the networks and systems of SolarWinds clients."
Since the SolarWinds breach, which was reported in December 2020, there has been no let-up in the number of cyber attacks on supply chains. A study by the European Union Agency for Cybersecurity (ENISA), for instance, revealed that third-party incidents accounted for 17% of intrusions in 2021, compared to less than 1% in 2020.
According to Black Kite, a cyber security firm which specialises in disrupting third-party risk practices, Air France, KLM and Nissan America are just some organisations reporting data leaks in the past 18 months which were caused by third parties. Another statistic by the NCSC is equally telling. It found that fewer than one in 10 organisations were monitoring risk posed by the supply chain.
But arguably it was 2021, the year in which the world was wrestling with the Covid-19 pandemic, that saw some of the most high-profile attacks. In January of that year, an attack on Microsoft Exchange impacted 250,000 servers, 30,000 companies and the Norwegian parliament.
Six months later, Kaseya, an information technology management and security software company based in Florida, was hit by a ransomware attack that temporarily shut down the operations of around 1,500 companies. In Sweden, the attack led to a supermarket chain being shut down for a week, while in New Zealand schools and kindergartens were affected.
All of these larger organisations were targeted through vulnerabilities in smaller third-party partners.
Emily Taylor is the CEO of Oxford Information Labs and an associate fellow of Chatham House's international security programme. She notes that supply-chain cyber attacks through third-party software providers not only illustrate the vulnerability of digital supply chains but the indiscriminate and widespread damage that such attacks can cause.
Dr Kalina Staykova is assistant professor, information systems and management group, at Warwick Business School and has researched cybersecurity supply chain attacks. She thinks that attacks targeting IT-management providers only tell half the story.
"Cyber attacks come from suppliers across all industry tiers," she says, and adds that while most companies focus on assessing the cyber risks coming mainly from tier-one and tier-two suppliers, threats also come from suppliers deep within the value chain.
She points to a cyber attack on Target, a large US retailer with operations in every US state. "In the case of Target, attackers breached its cyber defences by infiltrating a third-party vendor, Fazio Mechanical Services, a heating, ventilation and air conditioning company," she explains.
This hack begs an important question. Are smaller suppliers that provide services to larger companies more vulnerable to cyber attacks than larger vendors?
While few concrete studies validate this hypothesis, research by the NCSC revealed that larger companies, due to increased funding and expertise, had more enhanced cybersecurity.
Staykova says there is not enough empirical evidence to make this claim. But equally, she concedes that often by definition smaller suppliers have poorer cybersecurity standards.
But even if it is true that smaller suppliers are at greater risk of cyber attack than their larger counterparts, as they are part of the same supply chain ecosystems, what steps can be taken to keep everyone safe from cyber attacks?
In vast and complex supply chains, Staykova says that maintaining visibility to manage risk is the greatest challenge. To counter this risk, she believes that the traditional, maturity-based approach is outdated and organisations should switch to a risk-based approach to cybersecurity.
For such a risk-based strategy to be effective, Emily Taylor thinks, requires a cultural sea change. "It is not a technical issue but an all-encompassing strategy that needs to be fully embraced at board level and embedded across the company, instead of being left to technical teams to manage on their own," she adds.
Taylor, who is a specialist in internet law and governance, says a successful approach is not necessarily about installing expensive cybersecurity software and systems. Instead, she thinks it is about staff training and clear policies and procedures that promote awareness, identify weaknesses in the security architecture and mitigate risk. That needn't cost a lot and should be within the capability of every supplier, large, medium-sized or small.
Schneider agrees. "Too often companies underestimate the value of low-tech solutions. Take the principle of least privilege. This policy is effective as it ensures that third-party software should only obtain the access privileges it needs to perform its function. If this simple principle is applied across the value chain then, while it will never eliminate cyber attacks in the supply chain, it closes one particular attack vector."
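The least-privilege principle quoted above can be made mechanical: grant a third-party integration only the intersection of what it asks for and what its documented function needs, and surface the difference for review. The following is an added example, not code from the article or from any of the organisations it quotes; the vendor names, function names and permission labels (including the "read:*" wildcard form) are constructed for illustration.

```python
"""Least-privilege review of third-party access requests.

Added example (not from the article or any vendor): the vendor names,
functions and permission labels below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set

# Constructed permission universe, used to resolve wildcard requests such as
# "read:*". Wildcards are a common way excess access slips into a grant.
PERMISSIONS: FrozenSet[str] = frozenset({
    "read:sensor-data", "write:sensor-data",
    "read:pos-network", "write:pos-network",
    "read:vendor-portal", "admin:vpn",
})

# Constructed catalogue: the minimum each documented vendor function needs.
# A function that is not listed here is denied by default.
REQUIRED_BY_FUNCTION: Dict[str, FrozenSet[str]] = {
    "hvac-telemetry": frozenset({"read:sensor-data", "write:sensor-data"}),
    "vendor-invoicing": frozenset({"read:vendor-portal"}),
}


@dataclass(frozen=True)
class AccessRequest:
    vendor: str
    function: str
    requested: FrozenSet[str]


@dataclass
class Decision:
    vendor: str
    granted: Set[str]   # what the vendor actually receives
    excess: Set[str]    # requested but not needed: stripped, and worth a conversation
    missing: Set[str]   # needed but not requested: the function would not work

    @property
    def approved(self) -> bool:
        """True only when the request already matched the documented minimum."""
        return not self.excess and not self.missing


def expand(requested: Iterable[str], universe: FrozenSet[str] = PERMISSIONS) -> Set[str]:
    """Resolve 'action:*' wildcards to the concrete permissions they would grant."""
    out: Set[str] = set()
    for perm in requested:
        action, _, resource = perm.partition(":")
        if resource == "*":
            out.update(p for p in universe if p.startswith(action + ":"))
        else:
            out.add(perm)
    return out


def evaluate(req: AccessRequest,
             catalogue: Dict[str, FrozenSet[str]] = REQUIRED_BY_FUNCTION) -> Decision:
    """Grant only the intersection of what was asked for and what the function needs."""
    needed = catalogue.get(req.function)
    if needed is None:
        # No documented need means no grant: deny by default rather than guess.
        raise ValueError(f"no documented need for function {req.function!r}")
    asked = expand(req.requested)
    return Decision(req.vendor, asked & needed, asked - needed, needed - asked)


def review(requests: Iterable[AccessRequest]) -> Dict[str, Decision]:
    """Evaluate a batch of requests, keyed by vendor, for an access review."""
    return {r.vendor: evaluate(r) for r in requests}


if __name__ == "__main__":
    # Constructed sample: an HVAC vendor asking for far more than telemetry needs.
    sample = [
        AccessRequest("hvac-vendor", "hvac-telemetry",
                      frozenset({"read:*", "write:sensor-data", "admin:vpn"})),
        AccessRequest("billing-vendor", "vendor-invoicing",
                      frozenset({"read:vendor-portal"})),
    ]
    for vendor, d in review(sample).items():
        status = "approved as requested" if d.approved else "trimmed to documented need"
        print(f"{vendor}: {status}; granted={sorted(d.granted)}; excess={sorted(d.excess)}")
```

The deny-by-default branch is deliberate: a request for a function nobody has documented is the case where an over-broad grant is most likely, so it is refused rather than approximated.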
But there are other approaches which can add value. According to Hiscox, a global cybersecurity insurance provider, third-party attacks can be mitigated by better understanding supply chains and by regular audits. So, what should a cyber security audit look like?
For Staykova the two are linked. "Audits must reflect reality," she says.
"They must be centred on the premise that the chain is only as strong as the weakest link and that cyber security defences are not impregnable. Therefore, audits should be complemented by real-world stress tests, where an organisation and its key suppliers come together and conduct table-top exercises in which mock attacks are launched to gauge how staff respond."
As for shining a light on cyber weaknesses in the value chain, Staykova recommends that organisations in the same supply chain space commission third-party security providers to audit the state of third-party vendors' cybersecurity defences. This would replace asking third parties to self-report, which is usually done via questionnaires that she says are insufficient to paint an accurate picture of cyber hygiene.
Taylor says that, in addition to awareness of cybersecurity prevention, cyber hygiene must improve across the whole supply chain. For technical development teams, she notes that external penetration testing (pen testing) can be effective in raising standards of security by design. She adds that resilience can be improved through organisation-wide training and awareness.
She explains: "When there is a major outage, we often assume that it's a highly sophisticated cyber attack. But the stark truth is that many outages are caused by human error or breaches that would never have got through if the level of cyber hygiene had been higher."
For smaller organisations, an NCSC-backed certification scheme, Cyber Essentials, is within reach and can help to improve standards. But Taylor believes the insurance sector too could play more of a key role in raising the cyber-hygiene bar in the future.
"A few years ago, there was a belief in policy circles that insurers would ride to the rescue by incentivising organisations to improve standards of cyber hygiene. But that hasn't really happened. I still believe there is a potential virtuous circle to be created by insurers offering lower premiums to suppliers that can demonstrate higher levels of security."
But Tim Andrews, a senior cyber underwriter for Hiscox, says that over the past few years the cyber insurance market has significantly increased the baseline requirements for cyber cover.
"Organisations are now expected to have cyber security controls in place that just a few years ago would have been seen as nice-to-haves. And underwriters are scrutinising those controls in much greater detail, including how those controls have been implemented and are governed," he explains.
With research from Hiscox also revealing that third-party supplier cyber attacks account for 40% of all ransomware attacks globally, for some vendors that help can't come soon enough.
Excerpt from:
How to reduce cyber attacks in the global supply chain - Raconteur
Shift-Left, Shield Right | Early Availability of Wiz Integration with … – SentinelOne
SentinelOne is pleased to announce early availability (EA) of the integration of our real-time, AI-powered Cloud Workload Protection Platform (CWPP) with the Wiz Cloud-Native Application Protection Platform (CNAPP). This "shift-left, shield right" combination of Wiz and SentinelOne in a multi-layered cloud security stack helps cloud security practitioners identify, prioritize, and fix cloud security incidents more quickly and efficiently.
When SentinelOne detects a runtime threat to a cloud server or container, it automatically ingests relevant context from Wiz about that cloud resource, including any vulnerabilities, misconfigurations, and exposed secrets that Wiz has detected on it. The SentinelOne threat is automatically enriched with this information in the SentinelOne Singularity Platform console. This helps cloud security teams improve security outcomes, including faster and more effective triage, prioritization, and time to remediation. Through the integration of the Wiz and SentinelOne products, security teams can now:
To get started, SentinelOne customers can navigate to the Singularity Marketplace from within the management console and search for Wiz. Select the Wiz app and install (See Figure 1).
To configure the integration (see Figure 2), the Wiz API URL value can be found from the Wiz console via:
The value for "Wiz URL to fetch token" will be https://auth.app.wiz.io/oauth/token. The values for "Client ID" and "Client Secret" can be obtained by creating a new Service Account in the Wiz console; for instructions, please refer to the Wiz documentation on the topic. Then simply save the configuration, and the integration between the Wiz and SentinelOne platforms is ready to use.
From any Threat Details screen within the SentinelOne management console, click the XDR tab to review related context from Wiz called Issues for the underlying cloud resource (e.g., Amazon EC2 instance).
Singularity Cloud Workload Security is SentinelOne's real-time CWPP solution for workloads, on-prem or in the cloud, on VMs, containers, or Kubernetes clusters. It stops runtime threats such as ransomware, zero-day exploits, and memory injections from disrupting cloud operations or compromising company secrets. Machine-speed threats such as these require the machine-speed detection and response that only a real-time solution can provide. Working alongside a shift-left solution such as Wiz, which scans for software vulnerabilities, excessive permissions, misconfigurations, and more, only makes the cloud security stack that much more compelling.
Upon detecting a runtime threat, Singularity Cloud Workload Security automatically ingests issue details from Wiz, enriching the threat details with context on the underlying infrastructure. For example, a suspicious threat detected on an Amazon EC2 instance (see Figure 3) is enriched with details such as whether the instance is exposed to the internet, has excessive permissions, and/or contains a vulnerability with a known exploit.
Wiz had previously scanned the infrastructure, identifying that this specific cloud compute instance is publicly exposed to the internet via a cloud access key that was saved in cleartext on a public repository such as GitHub. Moreover, this instance has a critical or high network vulnerability with a known exploit. These supporting details are extraordinarily helpful to the security practitioner during triage: not only is the investigation streamlined, the incident can be routed to the appropriate DevOps owner without delay.
Additionally, a deep link from the cloud resource issues attached to the threat details can take the user (whether a security practitioner or the DevOps owner) from the SentinelOne console directly into the Wiz console. For convenience and efficiency, the user can then examine the attack path in the Wiz Security Graph, run queries to identify what other instances may have the same vulnerabilities, and take corrective action such as updating the workload image to prevent recurrence. Meanwhile, back in the SentinelOne console, the security user can remediate the incident, either with a single click or in a fully automated, machine-speed fashion governed by policy which the security admin controls.
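The enrichment described above (a runtime detection joined to the posture findings for the same cloud resource, then ranked for triage) can be shown in miniature. What follows is an added example, not SentinelOne's or Wiz's code and not their data model: the issue kinds, scoring weights and resource IDs are constructed to illustrate why an internet-exposed instance with an exposed secret and an exploitable vulnerability lands at the top of the queue.

```python
"""Enrich runtime threats with cloud-posture context and rank them for triage.

Added example (not SentinelOne's or Wiz's code): the data model, weights and
resource IDs below are constructed to illustrate the enrichment step.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class PostureIssue:
    """One finding a posture scanner reported about a cloud resource."""
    resource_id: str
    kind: str              # internet_exposed | excessive_permissions | exposed_secret | vulnerability
    severity: str = "medium"   # only meaningful for kind == "vulnerability"
    known_exploit: bool = False


@dataclass
class RuntimeThreat:
    """One runtime detection on a workload, before and after enrichment."""
    threat_id: str
    resource_id: str
    classification: str
    context: List[PostureIssue] = field(default_factory=list)
    priority: int = 0


# Constructed weights: every confirmed runtime detection starts at BASELINE, and
# posture context can only raise it (capped at 100).
BASELINE = 20
KIND_WEIGHT = {"internet_exposed": 20, "excessive_permissions": 15, "exposed_secret": 15}
SEVERITY_WEIGHT = {"critical": 25, "high": 15, "medium": 5, "low": 0}
KNOWN_EXPLOIT_BONUS = 20


def build_index(issues: Iterable[PostureIssue]) -> Dict[str, List[PostureIssue]]:
    """Group posture findings by the resource they describe, for O(1) lookup."""
    idx: Dict[str, List[PostureIssue]] = {}
    for issue in issues:
        idx.setdefault(issue.resource_id, []).append(issue)
    return idx


def score(context: List[PostureIssue]) -> int:
    """Combine posture findings into a single priority; each kind counts once,
    and only the worst vulnerability on the resource contributes."""
    total = BASELINE
    seen_kinds = set()
    worst_vuln = 0
    exploitable = False
    for issue in context:
        if issue.kind == "vulnerability":
            worst_vuln = max(worst_vuln, SEVERITY_WEIGHT.get(issue.severity, 0))
            exploitable = exploitable or issue.known_exploit
        elif issue.kind not in seen_kinds:
            seen_kinds.add(issue.kind)
            total += KIND_WEIGHT.get(issue.kind, 0)
    total += worst_vuln + (KNOWN_EXPLOIT_BONUS if exploitable else 0)
    return min(total, 100)


def enrich(threat: RuntimeThreat, index: Dict[str, List[PostureIssue]]) -> RuntimeThreat:
    """Attach the resource's posture findings to the threat and compute its priority."""
    threat.context = list(index.get(threat.resource_id, []))
    threat.priority = score(threat.context)
    return threat


def triage_queue(threats: Iterable[RuntimeThreat],
                 index: Dict[str, List[PostureIssue]]) -> List[RuntimeThreat]:
    """Enrich every threat and return them highest priority first."""
    return sorted((enrich(t, index) for t in threats),
                  key=lambda t: t.priority, reverse=True)


def summarize(threat: RuntimeThreat) -> str:
    """One-line console summary of the enrichment, for an analyst's queue view."""
    notes = []
    for issue in threat.context:
        if issue.kind == "vulnerability":
            tag = " (known exploit)" if issue.known_exploit else ""
            notes.append(f"{issue.severity} vulnerability{tag}")
        else:
            notes.append(issue.kind.replace("_", " "))
    detail = "; ".join(notes) if notes else "no posture findings"
    return f"[{threat.priority:3d}] {threat.threat_id} on {threat.resource_id}: {detail}"


if __name__ == "__main__":
    # Constructed sample: resource IDs and findings are illustrative only.
    findings = [
        PostureIssue("i-0aaa", "internet_exposed"),
        PostureIssue("i-0aaa", "exposed_secret"),
        PostureIssue("i-0aaa", "vulnerability", "critical", known_exploit=True),
        PostureIssue("i-0ccc", "excessive_permissions"),
        PostureIssue("i-0ccc", "vulnerability", "high"),
    ]
    detections = [
        RuntimeThreat("t-1", "i-0bbb", "suspicious process"),
        RuntimeThreat("t-2", "i-0aaa", "suspicious process"),
        RuntimeThreat("t-3", "i-0ccc", "memory injection"),
    ]
    for t in triage_queue(detections, build_index(findings)):
        print(summarize(t))
```

Counting each posture kind once and only the worst vulnerability keeps a noisy scanner (many medium findings on one host) from outranking a single exposed, exploitable instance, which is the prioritization outcome the integration is meant to deliver.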
By enriching cloud runtime threats detected by Singularity Cloud Workload Security with context from Wiz on the underlying cloud resources directly within the SentinelOne console, security practitioners can better protect cloud workloads from build time to runtime. Through better prioritization, streamlined investigation, and simplified remediation, security can better manage risk and slash mean-time-to-repair. Each solution works alongside the other to set the stage for improved cloud operations, innovation, and ROI.
To learn more, visit us at RSAC 2023 at booth S-626, where we are demonstrating this integration. Won't be at RSAC this year? Not a problem. Navigate over to our solution homepage to learn more and, when you are ready, connect with one of our cloud security experts for a demo.
See original here:
Shift-Left, Shield Right | Early Availability of Wiz Integration with ... - SentinelOne
Tech7 Joint Statement: G7 to strive together towards further … – DigitalEurope
2. Utilization of digital technology in addressing global sustainability challenges such as climate change and the energy transition
The 2030 United Nations Sustainable Development Goals cover a wide range of areas, including climate change countermeasures, sustainable production and consumption, affordable and clean energy, and the realization of an inclusive society that leaves no one behind. By adopting digital technology globally and accelerating adoption in the Global South, we will be able to provide effective solutions to address all of these issues. Above all, digital technology and connectivity will play a key role in attaining climate goals, in accelerating the rollout of renewable energy, in improving energy efficiency, and in saving costs for consumers and businesses. G7 countries should work in concert to increase digital inclusion around the globe. The tech industry stands ready to assist the G7 in the implementation of the Partnership for Global Infrastructure and Investment.
We are convinced G7 countries should step up work on the alignment of subsidy packages for recovery and resourcing. Subsidies should be aligned between G7 members so that no discrimination takes place and common growth strategies are developed amongst partners.
3. Global dissemination of human-centred AI principles:
The use of AI, including new generative AI systems, is rapidly expanding around the world, and along with other technologies it is expected to help solve complex social and environmental challenges facing the modern world, advance productivity, and support growth in a wide range of fields. AI drives the world's economic productivity and growth, supports people in all aspects of life, including helping to deliver public services, and contributes to the development of mature digital markets. The G7 should share the same understanding of AI's role in building trust and align around core principles.
4. Cyber security to secure trust
With the increase in online services and activities, the digitization of industries, and the increase in connected devices (IoT), the role of cybersecurity has become even more important in providing stable networks. Strong cybersecurity measures that protect systems and data from cyber threats are fundamental to securing the digital economy and consumer trust. From critical infrastructure to consumer device makers, ensuring cyber security has become imperative for all participants in the digital ecosystem. Risk-based cybersecurity is a prerequisite for unlocking the potential of data for economic growth and social good in areas such as healthcare. Yet each country and region has its own cybersecurity policies and measures (e.g. the EU's NIS2, cybersecurity certification scheme and NLF, and Japan's Cyber/Physical Security Framework (CPSF) and IoT Security Safety Framework (IoT-SSF)), leading to fragmentation and in some cases discrimination against companies from allied countries. G7 members must align on internationally recognized cybersecurity frameworks, measures, and risk management best practices to ensure interoperability and data flows among the G7, and to address cross-border cyber risks that may jeopardize the functioning of our economies and societies.
5. Advancing connectivity for new digitalization opportunities for society (6G)
Secure digitalization comes with great potential to transform industries and our society. It is also vital to achieving sustainability targets. The mobile network platform, as defined by 3GPP for 4G and 5G, is already the primary and most reliable means of internet access and digital services interaction for most of the world's population and constitutes critical infrastructure for the functioning of society. Still, the future mobile network platform will and must continue to evolve and achieve further advances in, for example, openness, configurability, capacity, security, and reliability, to meet the demands of being the communication and digitalization backbone of society.
The Tech7 supports the ambitions to expand the global ecosystem to ensure affordability for the global south, combined with new possibilities for security. Future mobile network platforms can continue to create an unprecedented foundation for a sustainable, secure, and more accessible digital economy for consumers, enterprises, and governments.
G7 members are well positioned to produce ground-breaking research while furthering each other's capabilities through increased research cooperation, creating mutual benefits toward leadership ambitions in 6G. G7 economies will benefit immensely from global, open 6G standardization efforts founded on WTO/TBT principles for international standards development. The importance of these principles was reconfirmed by the G7 in 2021 and 2022.
While initial 6G research is already being performed at national and regional levels, the G7 should work together with global ambition in the following areas:
6. Proactive Cooperation to improve basic and advanced digital skills
In a rapidly changing world, digitization is an issue for all: businesses, governments, and civil society as a whole. Acquisition of basic digital skills at an early age is critical to the future of all countries and their citizens, and a precondition to narrowing the digital divide by upskilling and reskilling citizens. Advanced digital skills in ICT processes, from software development to new information systems design and management, and in several innovative areas, from data security to AI and data analytics/big data, are essential to accelerate adoption and reap the full benefits of new digital solutions. Ensuring that young people have access to online resources to develop digital skills and participate in the global digital ecosystem with their peers is essential to equip this and future generations with essential knowledge and expertise. Collaboration among G7 countries will be critical in affording young people the full opportunities of digitization and ensuring that vulnerable and disadvantaged young people are not excluded.
While policies are already in place at national and regional levels to address the digital skills gap, the G7 should work together globally in the following areas:
Visit link:
Tech7 Joint Statement: G7 to strive together towards further ... - DigitalEurope
NAB launches campaign to help Aussies ‘See Through Scams’ – NAB News
Young Australians are the least concerned about becoming a victim of a scam or cyber-attack and believe they know how to protect themselves, yet are among the most likely to experience one, according to new NAB insights.
The NAB Economics report into business and consumer experiences of cybercrime found scams or cyber-attacks had impacted one in five Australians, with the average loss being $569.
While three in 10 businesses had experienced cybercrime or a data breach, their average loss was almost $20,000.
It comes as NAB today launches a new education and awareness campaign to help Australians, young and old, "See Through Scams".
NAB Executive Group Investigations & Fraud Chris Sheehan said the internet and telecommunications networks had become a digital front door for criminals to commit scams and fraud, and more had to be done to stop the crime.
"Scammers are robbing Australians blind of their hard-earned money every day, and we need to stop the crime before it happens," Mr Sheehan, a former Australian Federal Police senior executive, said.
"Scams often happen when people are rushing, tired or distracted.
"We want to help people see scams differently and highlight the moment where split-second decisions are made, which, as our research shows, can have devastating financial and emotional consequences.
"Educating yourself and the people around you, friends, family and colleagues, to see through scams is critical, particularly in today's digital world. No one wants their money to end up in the hands of criminals.
"Contact your bank immediately if you've been scammed; we're here to help."
Read the story of a NAB customer who has been the victim of a scam here.
NAB Economics research commissioned as part of the campaign asked consumers and businesses about their experience of cybercrime and scams, the impacts, and ways they were protecting themselves.
Only 16% of men aged 18 to 29 were concerned about them or someone they lived with being the victim of a cyber-attack or scam.
But twice as many (34%) men of that age had experienced one. One in two young men said they had good or very good knowledge of cyber security.
Approximately 18% of women aged 18 to 29 were concerned about a cyber-attack or scam, while 38% had been the victim of one. A third of young women said they had good or very good cyber safety awareness.
Mr Sheehan said a Team Australia approach across business sectors, governments and the community was urgently needed to reduce the impact of the growing global problem.
"NAB has more than 60 projects underway across the bank to help address the impacts of scams and fraud," he said.
"Making it harder for criminals to infiltrate bank phone numbers and text message threads, and introducing protective prompts to digital banking so customers can identify potential scams, are among some of the recent initiatives.
"We've also added 50 people to the Scams and Fraud team since October so customers can speak to someone faster.
"We will always make every attempt to prevent scams and recover funds where possible. However, once the funds have left a victim's account, it can often be difficult to recover them due to the sophistication and speed of these criminals."
NAB runs free monthly security webinars, with the next session coming up on Monday 1 May at 5.30pm (personal customers) and Tuesday 2 May at 12pm (business customers).
Anyone interested can sign up at nab.com.au/security.
NAB also posts the latest scam alerts on its Security Hub website, while customer education material is shared across platforms including in-app messaging, TikTok, Instagram and email.
More:
NAB launches campaign to help Aussies 'See Through Scams' - NAB News
Singtel-owned Optus hit with class-action lawsuit over 2022 cyber … – The Straits Times
SYDNEY: More than 100,000 current and former customers have joined a class-action lawsuit against Australian telco Optus, a subsidiary of Singtel, over a cyber-security breach in 2022 that compromised the data of roughly 1.2 million customers, lawyers said on Friday.
Starting with the Optus breach in September, a spate of cyber attacks on Australia's corporate sector has exposed the data of tens of millions of customers online and led the government to set up a new cyber-security body and overhaul rules that the Minister for Home Affairs and Cyber Security has described as "bloody useless".
A claim lodged in the federal court by law firm Slater and Gordon on Friday alleged that Optus breached laws and its own policies by failing to adequately protect customer data and destroy or de-identify former customer data, according to a statement from the firm.
In a statement on Friday, Optus said it had yet to be served with any court documents on the matter. "As previously announced, any class action will be vigorously defended," said the telco.
Members in the lawsuit want compensation for the time and money required to replace identity documents and for distress, frustration and disappointment caused by the breach. The statement did not specify an amount.
Claimants include a stalking victim who fears her life has been put in danger, the statement said. Slater and Gordon's head of class actions, Ben Hardwick, said the breach has potentially put vulnerable customers at risk of domestic violence and other crimes.
"Very real risks were created by the disclosure of this private information that Optus customers had every right to believe was securely protected by their telecommunications and Internet provider," Mr Hardwick said. REUTERS
See the article here:
Singtel-owned Optus hit with class-action lawsuit over 2022 cyber ... - The Straits Times
Could the lights go out in Europe? | BCS – BCS
When encountering security practitioners from espionage's darker side, I often start the conversation with an initial question: how far inside our critical infrastructure might our adversaries be? And how far inside theirs do you think we are?
What usually results is a short silence, followed by a swift rhetorical manoeuvre towards another topic.
In reality, the answer to my question might simply be unknown, but the fact that experts don't seem willing to engage with the enquiry is important in itself. For example, do the Russians (or other potential adversaries) have the capability to disable our electrical power networks? Can they do this with a click of a mouse, with the same apparent ease with which Russia can turn off gas supplies across Europe?
We live in uncertain times. The war in Ukraine, concerns about Taiwan's security and conflicts in the Middle East are evidence of a world that's far from stable or predictable.
In times like these, you dont need to look too far to find headlines speculating on cyber-attacks and their technicalities.
It's reasonable to expect that, since the start of Russia's war, GCHQ, the National Cyber Security Centre, the NSA and other Western cyber powers have all been sharing knowledge with Ukraine.
Early in the Ukraine war, NBC reported that President Biden had received a "menu" of options for conducting cyber attacks against Russia. The story stated the attacks would focus on disrupting networks and not harming people. Read past the headline, however, and the story reports that a US government spokesperson described the menu of possible cyber attacks it set out as "wildly off base" and said it "does not reflect what is actually being discussed".
Despite the spokesperson's reported rebuttals, it's hard to imagine that what NBC described in its story isn't already part of a longstanding strategic cyber response plan.
Russia itself is sure to have utilised, at least in part, its significant cyberwarfare capabilities to further its intentions in Ukraine. During the 2014 invasion of Crimea, Russia amped up its attacks on Ukraine, taking down government sites and social media platforms, and using spyware to track the movements of Ukrainian politicians.
Attacks went as far as physically ripping up fibre-optic cables between the Crimean peninsula and the rest of Ukraine in order to sever communications with Kyiv and give the Russian state media the monopoly on information. But the attacks made during the conflict itself were not the first: for months before the start of the 2014 invasion, Russia had been taking part in strategic cyber-espionage to gather information they could use in advance of their first strike.
Moving to the current war in Ukraine, reports continue to emerge of cyber activities. Some commentators suggest a haphazard approach by Russia's cyber forces, a theory which seems to line up with the invading state's reportedly ineffective overall military approach to date.
It's a fair assumption that Russia will have used its cyber capabilities to assist its military objectives. It is equally fair to assume that Ukraine will have done everything in its power to prevent a Russian cyber victory. We are unlikely ever to discover the reality of the situation, but some of the initial activity that we have observed includes various Ukrainian government sites suffering Distributed Denial of Service (DDoS) attacks, spear-phishing activities taking place in NATO countries, and a wiper malware tool erasing data from devices. Pro-Russian hacking groups have also been able to disrupt businesses and government infrastructure in countries backing Ukraine, including Lithuania, Latvia, Poland and Denmark.
The most worrying aspect of the cyber world is that, unlike the Cold War and its nuclear proliferation, there is no détente: no international agreement or arms control. Additionally, we currently live in a cyber wild west where politically motivated cyber attacks aren't the sole preserve of nation states. Rather, such attacks can be launched by individuals.
However you describe them (patriots or vigilantes), these attackers have many potent digital weapons at their disposal. Just how numerous and dangerous these software tools are became clear with the recent Vulkan Files leak: disgruntled by the war in Russia, black-hat hackers leaked a huge trove of data and insights about how Russia's offensive cyber activities work.
An attacker's actions also have the potential for catastrophic worldwide impact. Even targeted attacks by nation states have the potential to spill over into the rest of the world, as we saw with the Petya/NotPetya ransomware attacks carried out on Ukraine. These spread to organisations across the globe, including Maersk, Mondelez International and the UK's own Reckitt Benckiser.
The Internet of Things (IoT) is often not well-protected, leaving systems such as CCTV cameras vulnerable to attack. Indeed, there have been reports of Russian individuals hacking the dashboard cameras of Ukrainian defence forces, leading to dashcams being banned in parts of the country.
While this is, of course, incredibly dangerous for Ukrainians on the battlefield, other scenarios could see serious impacts for civilians too. Moving our discussion away from the battlefield, your smart doorbell, baby monitor and smart watch data could all theoretically be used to paint a picture of your life: what you do, where you go and who you care about. These devices, which often have only basic defences against malware, could also be used to monitor politicians, civil servants, judges or military personnel and provide hostile states with invaluable intelligence.